PT-2025-17726 · Apache+2 · Apache Httpclient+3
Joe Gallo · Published 2025-03-06 · Updated 2025-08-07 · CVE-2025-27820
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions
Apache HttpClient versions 5.4.0 through 5.4.2
Description
A bug in the Public Suffix List (PSL) validation logic disables domain checks, affecting cookie management and host name verification. This issue was discovered by the Apache HttpClient team.
Recommendations
For Apache HttpClient versions 5.4.0 through 5.4.2, update to version 5.4.3 to resolve the issue. As a temporary workaround, consider restricting cookie management and host name verification until the update is applied.
Fix
LPE
Improper Certificate Validation
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Apache Httpclient
Bamboo
Confluence